Presentation is loading. Please wait.

Presentation is loading. Please wait.

IDC eGovernment The Future of Email Security John Ryan Operations Director Entropy.

Published byZoe Butler Modified over 10 years ago

Similar presentations

Presentation on theme: "IDC eGovernment The Future of Email Security John Ryan Operations Director Entropy."— Presentation transcript:

1 IDC eGovernment The Future of Email Security John Ryan Operations Director Entropy

2 Fixing Email Email - Where Are We Now? The Current State of Messaging (Security) Top Enterprise Email Threats & The Cost to Corporations Where Is The Industry Going? Reactive Point Solutions Proposed Email Identity Standards New Technologies to Address these Issues? Identity, Reputation, Policy Control Unique solutions available now

3 images blank

4 Source: Information Security Breaches survey 2004 – DTI UK

5

6 The Mission-Critical App Is Collapsing Email Is The Form Of Business Communication 80% Of Businesses Consider Email More Important Than Phones Email Is No Longer Reliable Spam, False-Positives, Viruses, Forgery And Other Threats Make Email Unreliable Users Are Rapidly Losing Trust In Email 52% Say They Trust Email Less 25% Have Reduced Email Use Pew Internet Life Project

7 Challenges of E Mail Today! E mail has become a mission critical communications vehicle E mail has become a major delivery mechanism for marketing messages…SPAM! Most of these marketing messages are unsolicited and unwanted Spam is perceived as the most significant problem of enterprise. Source: Osterman Research

8 Some Email Statistics 18B message per day (73% of which is SPAM) Message volume has increased by 2B in January 9.4B messages coming for Zombie hosts 290,000 infected hosts tracked last week alone 15,000+ compromised zombie networks 75% of all Viruses are deployed via an email Phishing scams accounted for 1% of SPAM Source: Senderbase network – go to www.ironport.com/toc Top countries sending SPAM …….. 1.United States 2.China 3.South Korea 4.Poland 5.France 6.Great Britain 7.Germany 8.Brazil 9.Spain 10.Japan

9 Email Stats January 2006

10 Corporations Pay the Consequences Spam Will cost corporate users over £10B in the US alone. 1 Overall cost of spam between £10B and £87B, or £50 to £1400 per worker per year. 2 Set to get worse Corporate spam traffic will rise from 44 billion messages per day in 2006, to 83 billion messages per day in 2009. 3 Viruses Sobig virus cost more than £1B. 4 Disaster recovery costs increased by 23% in 2003 to almost £100,000 per organization per virus outbreak. 5 Confidential information Difficult to estimate Devastating impacts 1. Ferris Research 2. Pew Internet and American Life Project 3. Radicati Group 4. Computer Economics 5. ICSA Labs Prevalence Survey

11 It Takes Two: Senders and Receivers We Are All Email Senders And Email Receivers Solving Receiver Problems Means Addressing Sender Issues And Vice Versa The Solution To Fixing Email Is NOT One-sided A Healthy Email System Requires Feedback Loops Integrating complaint and other corrective data back into the system is a fundamental requirement

12 Email Gateway Infrastructure Issues On top of all the Security vulnerabilities, the infrastructure itself is at breaking point….. Bespoke deployments Complexity Performance issues & bottlenecks Reliability of the solutions Huge Admin Overhead Limited visibility or control Managing the escalating costs $$$

13 Fixing Email Email - Where Are We Now? The Current State of Messaging (Security) Top Enterprise Email Threats & The Cost to Corporations Where Is The Industry Going? Reactive Point Solutions Proposed Email Identity Standards New Technologies to Address these issues? Identity, Reputation, Policy Control Unique solutions available now

14 The Industry Reacts Solutions are reactive NOT proactive Point solution approach Content-based filtering band-aids Cat and mouse game – its never going to end! New filter, new threat, new filter, new threat, new filter, new threat, new filter There is some good news! >>>>

15 Industry Adopts Identity Sender-ID/SPF Technical Solution For Sender Address Forgery Yahoo! Domain Keys Authenticating Entire Email Message Based On Sender Domain There are limitations to this partial solution.

16 Fixing Email Email - Where Are We Now? The Current State of Messaging (Security) Top Enterprise Email Threats & The Cost to Corporations Where Is The Industry Going? Reactive Point Solutions Proposed Email Identity Standards New technologies to Address these Issues? Identity, Reputation, Policy Control Unique solutions available now

17 Critical Components of a Complete Solution The vulnerability exposed by spam, viruses, phishing is inherent to the email protocol, SMTP Reputation services are a critical component of the solution: 1 2 3 Advanced authentication standards IDENTITY POLICY REPUTATION A holistic view of a senders trustworthiness Intelligently apply filtering techniques based on the apparent threat

18 Black and White Lists

19 SenderBase: Leading Reputation Service 75,000 contributing organizations 4 billion queries daily >25% of worlds Internet email 30,000 organizations (25% of all email) Other Data Open Proxy Data Blacklists Global Complaint Data Global Volume Data SpamCop, ISP abuse data, BondedSender abuse data SpamCop, SpamHaus (SBL), NJABL SORBS, OPM, DSBL… Fortune 1000 status, length of sending history, location, whether domain accepts email, etc. Authenticated Unknown Sender Extensive network of invalid" accounts 3 rd party email accreditation Reputation Established Spamtraps - 10 + 10

20 Traffic Shaping: Mail Flow Control NOT Filtering

21 Email Security Appliances: Enforcing Policy Known good is delivered Suspicious is throttled & spam filtered Known bad is deleted/tagged IronPort Appliances Use Identity And Reputation To Apply Policy Trusted Known Senders Bypass Spam Filters Suspicious Unknown Senders Are Throttled And Filtered Hostile Senders Are Deleted Or Tagged Email Appliance Anti-Spam

22 Scale is required

23 Outbreak Filter Advantage 28:46 hours28:46 hours 22:54 Next Day22:54 Next Day 18:0818:08 15 Feb 0515 Feb 05 Mydoom.bbMydoom.bb 3 Dec 043 Dec 04 30 Jan 0530 Jan 05 15 Feb 0515 Feb 05 DateDate 7:58 PM7:58 PM 09:2109:21 16:1716:17 First Anti-virus Signature AvailableFirst Anti-virus Signature Available Outbreak Filter Lead TimeOutbreak Filter Lead Time Virus Threat Level RaisedVirus Threat Level Raised VirusVirus 4:47 hours4:47 hours 3:11PM3:11PM Cidra-DCidra-D 10:20 hours10:20 hours 23:0123:01 Sober.JSober.J 17:13 hours17:13 hours 23:0423:04 Goldun.HGoldun.H

24 Prevention: Temporary Quarantine Pulls outbreak rules for all incoming email attachments Triggers automated quarantine for suspicious attachments Releases messages for rescanning through standard filters Outbreak Rules Temporary Quarantine Virus Filter Closes the Reaction Gap MyDoom.bb 6503 files Quarantined 100% capture

25 VoF Advantages

26 Consolidation of the Email Perimeter BEFORE AFTER Email Appliance

27 Summary Security spend has to increase to meet the ever increasing business demands Email is now THE critical communications system Our email systems are under attach and straining to deliver We need to re-think our approach to email delivery and invest in new technology

Download ppt "IDC eGovernment The Future of Email Security John Ryan Operations Director Entropy."

Similar presentations

Symantec & IMlogic January 2006. 2© 2006 Symantec - CONFIDENTIAL Contents Intro Vision Key Benefits Product Strategy Business Strategy Roadmap.

Symantec & IMlogic January © 2006 Symantec - CONFIDENTIAL Contents Intro Vision Key Benefits Product Strategy Business Strategy Roadmap.
Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network.

Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network.
Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.

Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.
1 Eloqua Providing Industry-Leading Management Tools May 2009.

1 Eloqua Providing Industry-Leading Management Tools May 2009.
Email Deliverability @ Eloqua Providing Industry-Leading Email Management Tools.

Eloqua Providing Industry-Leading Management Tools.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Network-Level Spam Detection Nick Feamster Georgia Tech.

1 Network-Level Spam Detection Nick Feamster Georgia Tech.
Network Operations Research Nick Feamster

Network Operations Research Nick Feamster
1 Introduction to Transportation Systems. 2 PART I: CONTEXT, CONCEPTS AND CHARACTERIZATI ON.

1 Introduction to Transportation Systems. 2 PART I: CONTEXT, CONCEPTS AND CHARACTERIZATI ON.
Proprietary and Confidential to Oversi Engines for The New Internet Caching – Bucking the Trend.

Proprietary and Confidential to Oversi Engines for The New Internet Caching – Bucking the Trend.
SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.

SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.
19/04/2001 Abossé AKUE-KPAKPO TOGO TELECOM 1 Abossé AKUE-KPAKPO Telecommunication Manager Chief, Internet and Business Services Division Tel. : (228) 21.

19/04/2001 Abossé AKUE-KPAKPO TOGO TELECOM 1 Abossé AKUE-KPAKPO Telecommunication Manager Chief, Internet and Business Services Division Tel. : (228) 21.
Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.

Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.
1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in e-mails Integrated.

1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in s Integrated.
Photo Slideshow Instructions (delete before presenting or this page will show when slideshow loops) 1.Set PowerPoint to work in Outline. View/Normal click.

Photo Slideshow Instructions (delete before presenting or this page will show when slideshow loops) 1.Set PowerPoint to work in Outline. View/Normal click.
The volume of threats through email has increased with its usage. 2004 is known as the year of Phishing Scams. Spamming Bots increased by 600% in 2004.

The volume of threats through has increased with its usage is known as the year of Phishing Scams. Spamming Bots increased by 600% in 2004.
Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.

Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.

Similar presentations

Ads by Google